Caldera Security Advisory - Volution Manager: Directory Administrator password in cleartext
______________________________________________________________________________ 


                Caldera International, Inc. Security Advisory 


Subject: Volution Manager: Directory Administrator password in cleartext 
Advisory number: CSSA-2002-024.0 
Issue date: 2002 June 3 
Cross reference: 
______________________________________________________________________________ 



1. Problem Description 


        Volution Manager stores the unencrypted Directory 
        Administrator's password in the /etc/ldap/slapd.conf file. 


        This vulnerability will be corrected in the next release of 
        Volution Manager. 



2. Vulnerable Supported Versions 



        System Package 
        ---------------------------------------------------------------------- 
        Volution Manager 1.1 Standard 



3. Solution 


        Volution Manager stores the unencrypted Directory 
        Administrator's password in the /etc/ldap/slapd.conf file. 
        The password line looks similar to this: 


                rootpw <clear_text_password> 


        Caldera strongly recommends that you encrypt this password, 
        using the following steps: 


        As the root user, run slappasswd, entering your desired 
        password at the prompts (the example uses newpasswd as the new 
        password; the password will not be seen as you type it). 


        # slappasswd 
        New password: newpasswd 
        Re-enter new password: newpasswd 
        {SSHA}AvcGnFPjUCqbIs/Ki8XfiOYJwttfwnRz 
        # 


        The output is the new, encrypted password. In the file 
        /etc/ldap/slapd.conf, replace the previous rootpw line with a 
        line containing the new, encrypted password so that the line 
        looks similar to this: 


                rootpw {SSHA}AvcGnFPjUCqbIs/Ki8XfiOYJwttfwnRz 
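
        The following Python code is an added example and is not part 
        of Caldera's advisory. It flags rootpw lines whose value has no 
        {SCHEME} prefix and shows how an {SSHA} value is built and 
        checked: base64 of the SHA-1 digest of password plus salt, 
        followed by the salt. The function names and the sample 
        configuration are constructed for illustration. 

```python
import base64
import hashlib
import hmac
import os
import re

# rootpw directive: keyword, whitespace, then the (optionally quoted) value
ROOTPW_RE = re.compile(r'^\s*rootpw\s+"?([^"\s]+)"?', re.IGNORECASE)
SCHEME_RE = re.compile(r'^\{([A-Za-z0-9-]+)\}')

def ssha_hash(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(password, stored):
    """Recompute the digest with the salt embedded in the stored value."""
    if stored[:6].upper() != "{SSHA}":
        return False
    raw = base64.b64decode(stored[6:])
    digest, salt = raw[:20], raw[20:]  # a SHA-1 digest is 20 bytes
    candidate = hashlib.sha1(password + salt).digest()
    return hmac.compare_digest(candidate, digest)

def audit_rootpw(conf_text):
    """Return (line number, scheme) for each active rootpw line.
    The scheme is 'CLEARTEXT' when the value has no {SCHEME} prefix."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        m = ROOTPW_RE.match(line)  # commented-out lines do not match
        if m:
            scheme = SCHEME_RE.match(m.group(1))
            name = scheme.group(1).upper() if scheme else "CLEARTEXT"
            findings.append((lineno, name))
    return findings

# Constructed sample input, not taken from a real system.
SAMPLE_CONF = """\
database ldbm
rootdn "cn=admin,o=example"
# rootpw oldvalue
rootpw newpasswd
"""

if __name__ == "__main__":
    print(audit_rootpw(SAMPLE_CONF))
    fixed = SAMPLE_CONF.replace("rootpw newpasswd",
                                "rootpw " + ssha_hash(b"newpasswd"))
    print(audit_rootpw(fixed))
```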



4. References 


        Specific references for this advisory: 
                none 


        Caldera OpenLinux security resources: 
                http://www.caldera.com/support/security/index.html 


        Caldera UNIX security resources: 
                http://stage.caldera.com/support/security/ 


        This security advisory closes Caldera incidents sr864231, 
        erg501574. 




5. Disclaimer 


        Caldera International, Inc. is not responsible for the misuse 
        of any of the information we provide on this website and/or 
        through our security advisories. Our advisories are a service 
        to our customers intended to promote secure installation and 
        use of Caldera products. 


______________________________________________________________________________ 






